Jump to content


Malware Hunters
  • Content Count

  • Joined

  • Last visited

About alvarnell

  • Rank
    Macintosh Guru

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. The report of no threats is almost certainly reliable and as @David H. Lipman has said, the message is a total and well known hoax. Most users have had their e-mail addresses harvested, either through compromise or having an e-mail posted to a public list. If the threat e-mail also contained your password (either current or old) then it's likely that it's been "pwned".
  2. alvarnell

    My Data Breached

    Thanks for posting https://haveibeenpwned.com. I also recommend doing that as well as signing up with the site to get notifications when and if any other breaches occur. You can also check out the passwords you use for critical sites (e.g. e-mail, financial institutions) by clicking "Passwords" in the menu and entering sensitive passwords you currently use to see if they have ever been compromised.
  3. Yes, that is one of the steps included in the instructions MAXBAR1 recommended.
  4. Part of your question has been asked and answered before, here. I'll tell you what I can and let the staff give you a more specific information about the purpose of each connection. The RTProtectionDaemon is rather poorly named in that it is responsible for the Protection Updates and much more. I suppose it would be possible to reverse engineer it in order to modify it for malicious purposes, so you may not get much in the way of technical information about it's use, but I think it's fair to understand what it's communication needs are. You can find very detailed information about what data is collected, stored and why in the company's privacy policy, but it does apply to all of their software, not just MBAM.
  5. alvarnell


    That has certainly been true of the iOS environment, but movement to that end in macOS has been glacially slow. I see nothing in the area of security to support that statement.
  6. So the fact that all apps Internet connection apps are affected tells us we've been looking in the wrong place for the problem (browsers). Since your guest account is working we know the problem is limited to your user environment. And since Safe Mode operation is OK, it means that something which normally loads when you log into your account is causing this, it helps narrow things down a bit, but still leaves that root cause to be somewhat of a mystery. I know you said you have already removed 4 or 5 proxies already. Can you check again to see if they are all deleted and all the protocols to configure are unchecked?
  7. I don't think I got a clear answer to my earlier question. Do all your other apps still have Internet access (e.g. Mail, Mac App Store)? What happens when you log into a different account (if you are only user create an additional for testing purpose)? What happens when you log in with Safe Mode enabled (hold Shift-key down at reboot)? Since you are able to post here (on some other device?), I’m guessing it's not a router problem?
  8. alvarnell


    https://techguylabs.com/episodes/1556#main (Last question of hour 2). Not yet available on iTunes, as of this posting. The attack vector discussions (mostly theoretical) have been ongoing for a couple of years now, but at least on the Mac side have recently been renewed by several macOS security bloggers. The problem with macOS is that we rely on Gatekeeper to prevent such things, but Gatekeeper only thoroughly checks apps on first launch. It's also possible to avoid Gatekeeper entirely, but that's a somewhat different issue. So if an attacker is somehow able to make changes to that app without breaking it after the first launch, it could be modified to act as malware. I don't follow things on the Windows side, but I'm not aware of any example threats on the Mac side. There have been a couple of examples of legitimate app sites that were hacked and a malicious version of the app with a different legitimate Apple DeveloperID signature being posted. The DeveloperID was quickly revoked and the original app developer removed the malicious app, but a few users were infected. There was also malware that masqueraded as "Symantec Malware Detector", but these aren't actually representative of the problem mentioned. The obvious fix is for Apple to make Gatekeeper more robust in it's ability to detect such modifications after the fact. But that will slow down each and every launch to varying extents, so that's probably why it hasn't been done yet. The best near term answer is for more developers to run their own checks at launch to ensure the integrity of their app has not been compromised. A few developers have been doing that for a very long time, but it's not yet common practice. Here's a more technical discussion of the issue that was recently posted by Howard Oakley: App signatures are always checked on launch, but serious errors may be ignored.
  9. alvarnell

    MAC Phishing Protection?

    Malwarebytes has a policy of not making public comments with regard to such things. Here's another related posting (last paragraph) that you might be interested in:
  10. Thanks for the details. Run through all the suggestions in the pinned article at the top of this forum. Many users have had success by running though each of the suggested steps.
  11. As @tacoma explained, you need to open the Terminal application, found in /Applications/Utilities/ then copy and paste each of the 6 commands listed and hit return, one line at a time to make changes to the chrome policies. I suppose you might be able to change them using the Chrome interface you have shown, but that's not what is being recommended here.
  12. First off, you really need to be running 10.11.6 with Security Update 2018-004 El Capitan which fixes hundreds of bugs and dozens of security issues with what you are still using. Honestly, there isn't any real way to troubleshoot a system that is so far out of date. The current version of Malwarebytes assumes that you are running an up to date OS. Secondly, I need to know exactly what those fixes you attempted were so I don't repeat them here. Lastly, where are you seeing the "no internet" message? Malwarebytes, your browser, your e-mail, all of the above?
  13. Contact sales for that: https://support.malwarebytes.com/community/consumer/pages/contact-us.
  14. Premium subscriptions for iOS devices are only available from the App Store due to Apple rules on such things. Premium subscriptions purchased directly from Malwarebytes are only valid on Mac, Windows, Android and ChromeOS devices. FAQ concerning this explain all this: https://www.malwarebytes.com/pricing/?rec=premium#faqs.

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.